• Hackers are becoming more sophisticated, but protecting your cryptocurrency is simpler than you think

  • Cybersecurity Awareness Month is coming to an end, but good security hygiene is a wise investment all year. As cryptocurrency becomes more popular, cybercriminals who prey on cryptocurrency holders become more inventive and persistent. That’s why Coinbase’s security team has created a simple guide for safeguarding your cryptocurrency and any other valuable data you store online. Here are the key points.

    Make use of a password manager. Humans are terrible at remembering passwords, which is why so many of us use simple phrases that we repeat across multiple websites. Password managers (such as 1Password and Dashlane) generate and store strong, secure passwords for you, eliminating the need for memorization. Make use of one. (Would you like to know if your passwords have been compromised as a result of a known data breach? Visit haveibeenpwned.com for more information.)

    Turn on two-factor authentication (2FA). Even if a hacker steals your password, 2FA can protect your account. There are various types of 2FA, ranging from the least secure (SMS-based, in which a verification code is sent via text message) to more secure (an app that generates verification codes, such as Google Authenticator) to the most secure (a hardware security key like a YubiKey). We strongly advise against using SMS because hackers can steal texts using a common method known as “SIM-swapping,” in which your phone number is transferred to another device. Enable SMS 2FA if no other option is available; otherwise, consider using a different service.

    Keep your seed phrase safe. A seed phrase is a string of 12 to 24 words that serves as the physical key to a non-custodial cryptocurrency wallet such as Coinbase Wallet or MetaMask. Anyone who knows your seed phrase has access to the cryptocurrency in that wallet. If you lose or delete your wallet, you can restore it using your seed phrase; however, if you lose your seed phrase, you lose your cryptocurrency. (Keeping cryptocurrency in the “hosted wallet” that comes with every Coinbase account is a more convenient option for many users. By storing some crypto in a Coinbase Vault, you can add another layer of security without having to manage seed phrases.)

    Please do not click that link! SMS phishing is one of the most common tactics used by cybercriminals. Phishing is a type of online attack in which a cybercriminal pretends to be a legitimate entity or authority in order to trick their victim into clicking on a malicious link or attachment.

    Be cautious of “airdrops.” If you like NFTs or DeFi, you’ve probably heard of airdrops, which are when a project rewards early adopters by sending tokens to their wallets. However, our security team has been monitoring an ongoing phishing campaign involving airdrops in recent weeks. Randomly airdropped tokens appear in your wallet as part of the scam. If you try to interact with them, you’ll be prompted to connect your wallet to a website that appears to be a DeFi app but actually grants hackers access to your funds. To be safe, don’t interact with airdropped tokens from unknown sources, don’t connect your wallet to websites advertised by airdropped tokens, and don’t keep too much crypto in a wallet you regularly use to interact with crypto apps.

    Don’t set yourself up as a target. Don’t brag about your cryptocurrency holdings on social media, just as you wouldn’t brag about inheriting $50 million. Examine your online presence to see how much personal information someone could discover about you in order to steal your identity. (This self-assessment was created by the fine folks at Consumer Reports.)
